
Spectral Fuzzing: Evaluation & Feedback

Abstract: This paper presents an instrumentation framework for assessing and improving fuzzing, a powerful technique to rapidly detect software vulnerabilities. We address the major current limitation of fuzzing techniques, namely the absence of evaluation metrics and the absence of automated quality assessment techniques for fuzzing approaches. We treat the fuzzing process as a signal and show how derived measures like power and entropy can give an insightful perspective on a fuzzing process. We demonstrate how this perspective can be used to compare the efficiency of several fuzzers, derive stopping conditions for a fuzzing process, or help to identify good candidates for input data. We show through the Linux implementation of our instrumentation framework how the approach was successfully used to assess two different fuzzers on real applications. Our instrumentation framework leverages a tainted data approach and uses data lifetime tracing with an underlying tainted data graph structure.

Cited literature: 37 references

https://hal.inria.fr/inria-00452015
Contributor: Humberto Abdelnur
Submitted on: Wednesday, February 2, 2011 - 7:00:17 AM
Last modification on: Friday, February 26, 2021 - 3:28:04 PM
Long-term archiving on: Tuesday, November 6, 2012 - 1:10:39 PM

File

RR-7193.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: inria-00452015, version 1

Citation

Humberto Abdelnur, Radu State, Obes Jorge Lucangeli, Olivier Festor. Spectral Fuzzing: Evaluation & Feedback. [Research Report] RR-7193, INRIA. 2010, pp.40. ⟨inria-00452015⟩

Metrics

Record views

546

Files downloads

961